77 matches found
CVE-2018-6390
The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an copy call, which allows remote attackers to cause a denial of service access violation and application crash via a crafted a web page, b office...
EUVD-2018-18147
Malware in sbrugna...
EUVD-2018-19273
Malware in sbrugna...
EUVD-2017-9110
Malware in sbrugna...
EUVD-2018-17978
Malware in sbrugna...
EUVD-2020-17979
Malware in sbrugna...
EUVD-2024-48210
Malicious code in bioql PyPI...
EUVD-2024-51409
Malicious code in bioql PyPI...
CVE-2024-7263
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 exclusive on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough...
CVE-2024-13187
A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit...
CVE-2024-7262
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...
CVE-2022-24934
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...
CVE-2020-25291
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x...
CVE-2024-11957
Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough...
CVE-2024-11957
Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough...
CVE-2024-11957 Arbitrary Code Execution in WPS Office
Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough...
Kingsoft WPS Office 数据伪造问题漏洞
Kingsoft WPS Office is a kind of office software from Kingsoft China. It provides document processing functionality. A security vulnerability exists in Kingsoft WPS Office 12.1.0.18276 and prior versions, which stems from improper verification of digital signatures and could lead to the loading o...
CVE-2024-13187
A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit...
CVE-2024-13187 Kingsoft WPS Office TCC code injection
A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit...
CVE-2024-13187
CVE-2024-13187 affects Kingsoft WPS Office 6.14.0 for macOS, with the vulnerable element being the TCC Handler. The documented impact is code injection that can be triggered by a local attacker on the host. Exploitation has been disclosed publicly per sources, and the vendor was not responsive to...